Posted to dev@lenya.apache.org by qMax <qm...@mediasoft.ru> on 2005/04/15 11:48:31 UTC

has roles to be accreditable managed ?

While managed via AccreditableManager, Roles are not Accreditables, nor Identifiables.

As noted in the documentation, roles are just strings to identify themselves (atoms).
And it seems more logical that they should be configured as string-parameters of
(whole) publication, kinda in /lenya/pubs/$pub/config/roles.xconf.

What do you think ?

-- 
 qMax


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org


Re[2]: has roles to be accreditable managed ?

Posted by qMax <qm...@mediasoft.ru>.
Friday, April 15, 2005, 7:05:39 PM, andreas@apache.org wrote:

AH> qMax wrote:
>> While managed via AccreditableManager, Roles are not
>> Accreditables, nor Identifiables.
>> 
>> As noted in the documentation, roles are just strings to identify themselves (atoms).
>> And it seems more logical that they should be configured as string-parameters of
>> (whole) publication, kinda in /lenya/pubs/$pub/config/roles.xconf.
>> 
>> What do you think ?

AH> IMO this is a good idea, as it shows the immutability of roles.
AH> They are used for AC and workflow, so maybe they should really
AH> be declared outside the config/ac directory.
Why not config/ac.xconf?

IIRC, roles are used completely inside AC:
they are assigned by Policy, and checked by various Authorizers.
So probably roles should be configured ALONG with policies and authorizers.
That is, in ac.xconf for the publication, and wherever other AC is
configured.
I can hardly imagine usage of several AccessControllers, but I suspect that
they are not obliged to have the same set of roles.

Another solution could be to not configure roles at all
and let them appear as they appear from policies and be accepted as they
are accepted by authorizers.
Generally speaking, what is roles "configuration", other than stating
their names in one place and possibly checking AC-components for consistency?

-- 
 qMax




Re: has roles to be accreditable managed ?

Posted by Andreas Hartmann <an...@apache.org>.
qMax wrote:
> While managed via AccreditableManager, Roles are not Accreditables, nor Identifiables.
> 
> As noted in the documentation, roles are just strings to identify themselves (atoms).
> And it seems more logical that they should be configured as string-parameters of
> (whole) publication, kinda in /lenya/pubs/$pub/config/roles.xconf.
> 
> What do you think ?

IMO this is a good idea, as it shows the immutability of roles.
They are used for AC and workflow, so maybe they should really
be declared outside the config/ac directory.

-- Andreas

